Storing and Forwarding Payment Transactions

ABSTRACT

Method, systems, and apparatus for a method of processing a payment transaction using a mobile device of a merchant. In one aspect, determining the mobile device does not have a connection to an external network; receiving data indicating a payment transaction between a customer and the merchant; determining whether the payment transaction should be stored, where the determining is based on a risk heuristic model that considers one or more of the following: a number of already stored transactions, a value of the payment transaction, a total value, where the total value is a sum of the value of the payment transaction and values of one or more already stored transactions, and risk factors associated with the customer; and based at least on the determination, storing the payment transaction on the mobile device for future processing.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a non-provisional of and claims priority to U.S.Provisional Patent Application No. 61/672,228, filed on Jul. 16, 2012,the entire contents of which are hereby incorporated by reference.

TECHNICAL FIELD

This disclosure relates to mobile payment processing using a mobiledevice.

BACKGROUND

In a conventional point-of-sale electronic credit card transaction, thetransaction is authorized and captured over a network connection duringthe point-of-sale. In the authorization stage, a physical credit cardwith a magnetic stripe is swiped through a merchant's magnetic cardreader, e.g., as part of a point-of-sale device. A payment request issent electronically from the magnetic card reader to a credit cardprocessor. The credit card processor routes the payment request to acard network, e.g., Visa or Mastercard, which in turn routes the paymentrequest to the card issuer, e.g., a bank. Assuming the card issuerapproves the transaction, the approval is then routed back to themerchant. In the capture stage, the approved transaction is again routedfrom the merchant to the credit card processor, card network and cardissuer, and the payment request can include the cardholder's signature(if appropriate). The capture stage can trigger the financialtransaction between the card issuer and the merchant, and optionallycreates a receipt. There can also be other entities, e.g., the cardacquirer, in the route of the transaction. Debit card transactions havea different routing, but also require swiping of the card.

Mobile card readers are available. Some mobile card readers use WiFitechnology to communicate with the credit card processor via a wirelessnetwork access point. Some mobile card readers, e.g., in taxis, usecellular technology to communicate wirelessly with the credit cardprocessor.

SUMMARY

Although mobile card readers are available, e.g., in taxis, such systemsconventionally require an Internet connection to process transactions.However, in some situations, a merchant may be in an area without anInternet connection. For example, a taxi may make a trip to an area withno cellular data network. Therefore, a mobile device can be configuredto store a transaction if the mobile device does not have an Internetconnection and to forward the transaction to a payment service systemwhen the mobile device reestablishes an Internet connection.

In one aspect, a method of processing a payment transaction using amobile device of a merchant, comprising determining the mobile devicedoes not have a connection to an external network; receiving dataindicating a payment transaction between a customer and the merchant;determining whether the payment transaction should be stored, where thedetermining is based on a risk heuristic model that considers one ormore of the following: a number of already stored transactions, a valueof the payment transaction, a total value, where the total value is asum of the value of the payment transaction and values of one or morealready stored transactions, and risk factors associated with thecustomer; and based at least on the determination, storing the paymenttransaction on the mobile device for future processing.

Implementations may include one or more of the following. After storingthe payment transaction, determining the mobile device has a connectionto the external network; determining the mobile device has storedpayment transactions; forwarding each of the stored payment transactionsto a payment service system; and receiving a response for each of thestored payment transactions from the payment service system. Eachresponse is an acceptance or a rejection of the respective storedpayment transaction. The risk heuristic model comprises: determiningwhether a value of the payment transaction or a total value surpasses amaximum value, where the total value is a sum of the value of thepayment transaction and values of one or more already storedtransactions; and determining whether a number of stored transactionsstored on the mobile device surpasses a maximum number. If the number ofstored transactions does not surpass the maximum number and the value ofthe payment transaction or the total value do not surpass the maximumvalue, storing the payment transaction on the mobile device. If thenumber of stored transactions surpasses the maximum number, rejectingthe payment transaction. If the number of stored transactions does notsurpass the maximum number and the value of the payment transaction orthe total value surpass the maximum value, further comprising: sending arequest to proceed to a user interface of the mobile device; receivinginput through the user interface; storing the payment transaction if theinput includes an approval of the request to proceed; and rejecting thepayment transaction if the input includes a denial of the request toproceed. The payment transaction is encrypted using a key before thestoring, where the key is obtained from a payment service system.Storing the payment transaction includes storing a time or user sessiondata of the transaction. Determining whether the mobile device has aconnection to the external network after an interval of time. Theexternal network is an Internet network. The already stored transactionsare obtained from an internal database. The risk factors include priortransactions or analysis of the prior transactions. The risk factors areupdated by a payment service system when the mobile device has aconnection to the external network. The risk heuristic model is updatedby a payment service system when the mobile device has a connection tothe external network.

Advantages may include one or more of the following. A customer canconduct a point-of-sale electronic payment transaction with a merchantusing a mobile device even if the mobile device does not have anInternet connection to immediately process the electronic paymenttransaction. This allows the merchant to conduct more business withcustomers without worrying about maintaining a constant Internetconnection to a credit card processor. A maximum number of delayedtransactions and a maximum value of a delayed transaction can also beestablished to limit risk to a payment service or to the merchant.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic illustration of an example system forcommunication between mobile devices over a wireless network.

FIG. 2 is a schematic illustration of an example system for processingdistributed payment transactions.

FIG. 3 is a schematic illustration of an example wireless payment systemimplemented for a taxi.

FIG. 4 is a flow chart of an example process conducted with the wirelesspayment system.

FIG. 5 is a flow chart of an example process of storing a paymenttransaction.

FIG. 6 is a flow chart of an example process of storing a paymenttransaction using an example risk heuristic model.

FIG. 7 is a flow chart of an example process of forwarding a paymenttransaction.

FIG. 8 is a flow chart of an example process conducted by a paymentservice system.

Like reference numbers and designations in the various drawings indicatelike elements.

DETAILED DESCRIPTION

FIG. 1 is a schematic illustration of an example system 100 forcommunication between mobile devices over a wireless network. The system100 shown in FIG. 1 is an example of a system that can be configured toestablish secure communication between mobile devices over a wirelessnetwork using a pairing process in conjunction with a comparison ofpublic keys. The secure communication is described in U.S. patentapplication Ser. No. 13/353,238, filed on Jan. 18, 2012, entitled“MOBILE CARD PROCESSING USING MULTIPLE WIRELESS DEVICES,” which isincorporated by reference herein in its entirety.

The system 100 includes a first mobile device 102 and a second mobiledevice 106 that can communicate over wireless network 104. The system100 can also include additional mobile devices. The system 100 and thewireless network 104 can be connected to an external network, e.g., theInternet 108. For example, the wireless network 104 can be a WiFi hotspot that includes a wireless access point for wireless connection tothe mobile devices 102 and 106. The wireless network 104 can alsoinclude a wired or cellular, e.g., 3G or 4G, connection the Internet108. Alternatively or in addition, one or both of the mobile devices102, 106 could have a wireless connection to the Internet, e.g., over acell network. However, the Internet 108 is not needed for the twodevices 102 and 106 to establish secure communications. The two devices102 and 106 can establish secure communication solely through thewireless network 104. Establishing secure communications through apairing process and a comparison of public keys can be implemented withmore than two devices.

In some implementations, described further below, the first device 102serves as a customer-facing device, and the second device 106 serves asa merchant-facing device 106. A “customer facing” device is a devicethat is configured with applications to display messages to and receiveinput from the customer. For example, the customer facing device candisplay a total for a transaction, display an interface for the customerto set a tip, and display a message that a credit card should be swiped.A “merchant facing” device is a device that is configured withapplications to display messages to and receive input from the merchant.For example, the merchant facing device can display an interface for themerchant to enter a transaction, calculate a total amount due for thetransaction, and display an interface for the merchant to request thatthe transaction be submitted for authorization.

FIG. 2 is a schematic illustration of the architecture 200 of an examplesystem for processing distributed payment transactions. The system 200includes a wireless payment system 202. The wireless payment system 202includes multiple devices, e.g., a customer facing device 102 and amerchant facing device 106, connected to the wireless network 104. Thewireless network 104 is connected at least intermittently to an externalnetwork 108, e.g., the Internet. The wireless network 104 can be awireless access point. In some implementations, the wireless network 104is a Wi Fi hotspot.

The system 100 or the system 300 can be used in implementing thewireless payment system 202. The customer facing device 102 can beimplemented using the first device 102, but with additional programmingto enable the device for use in the distributed payment transaction.Similarly, the merchant facing device 106 can be implemented using thesecond device 106, but with additional programming to enable the devicefor use in the distributed payment transaction. The wireless network 104can be implemented using the wireless network 104.

In some implementations, devices connected to the wireless network 104can securely communicate with each other, e.g., through a process ofestablishing secure communication as described above. In particular,once secure communication is established, the devices connected to thewireless network 104 can securely communicate with each other withoutdata passing through the external network 108, e.g., through theInternet.

The customer facing device 102 can be a mobile computing device, i.e., ahand held computing device, capable of running a customer-facing portionof a merchant application. For example, the customer facing device 102can be a smart phone, tablet computer, laptop, or other data processingapparatus. The customer facing device 102 can include a display, e.g., atouch screen display. In some implementations, the customer facingdevice 102 and the display are two devices connected to each other.

The customer facing device 102 can include or be attached to a creditcard reader. For example, the card reader can be attached to an input,e.g., an audio jack, of the customer facing device 102.

The merchant facing device 106 is also a mobile computing device,capable of running a merchant-facing portion the merchant application.For example, the merchant facing device 106 can be a smart phone, tabletcomputer, laptop, or other data processing apparatus. The merchantfacing device 106 can also include a display, e.g., a touch screendisplay. In some implementations, the wireless payment system 202includes more than one customer facing device or more than one merchantfacing device.

In some implementations, the merchant application has a login and logoutfunctionality such that multiple merchants, each having a separateaccount with the payment service system 208, can use the same device 106for processing distributed payment transactions. The functionalityallows a driver to login and logout of the payment service system 208.Association by the payment service system 208 of the device 106 with theappropriate merchant account can be done by conventional logintechniques.

In some implementations, the system 200 includes a computer system 204connected to the network 108. The computer system 204 can process orstore data related to the transaction for analysis by the merchant oranother third party that has a right to the data related to thetransaction. For example, the merchant can be a franchisee and the thirdparty can be the franchisor. As another example, the third party can beresponsible for coordinating jobs between various merchants who arethemselves independent contractors, e.g., the merchant can be a taxidriver and the third party can be a dispatcher.

When a merchant submits a transaction to the payment service system 208,the transaction can include sufficient information, e.g., the name or idnumber of the merchant, to associate the merchant with the third party.The payment service system 208 can maintain a database associatingmerchants with third parties, and when the payment service system 208receive this information, it can identify the associated third partyfrom the information. This allows the payment service system 208 to senddata about transactions to the computer system 204 of the associatedthird party.

For example, if the system 200 is implemented in a restaurant, acustomer can pay a restaurant using the wireless payment system 202after a waiter at the restaurant brings the customer the final tab ofthe meal. After conducting the transaction, the system can send dataabout the meal to a computer system 204, e.g., a meal tracking system.The data can include which items were ordered, the cost of the meal, thetip included, the date and time of the meal, or which waiter served thecustomer.

In some implementations, the customer facing device 102 receivestransaction details from the merchant facing device 106 and displays thedetails on the display of the merchant facing device 106. In particular,the merchant facing device 106 can calculate an amount for thetransaction, e.g., based on purchase of individual items, and the amountcan be sent to the customer facing device 102 and displayed.

The wireless payment system 202 can communicate with a payment servicesystem 208 using the network 108.

In some implementations, the merchant facing device 106 receivestransaction details from the customer facing device 102 and communicateswith the payment service system 208 to submit a request forauthorization of the transaction. In particular, when the customerswipes the card through the card reader, the card information can besent to the merchant facing device 106. Similarly, a signature, PIN, orother data required for authorization of the transaction can be input bythe customer into the customer facing device 102, e.g., entered on thetouch screen display, and this data can be sent to the merchant facingdevice 106.

In some implementations, the customer facing device 102 does not sendtransaction details to the merchant facing device 106. Instead, thecustomer facing device 102 receives the amount for the transaction fromthe merchant facing device 106, and receives the card information fromthe card reader when the customer swipes the card. The customer facingdevice 102 communicates with the payment service system 208 to submit arequest for authorization of the transaction.

The payment service system 208 includes a secure server 212 to processesall transactions from the wireless payment system 202. The secure server212 handles secure information such as credit card numbers, debit cardnumbers, bank accounts, user accounts, user identifying information orother sensitive information.

The payment service system 208 can communicate electronically with acard payment network 216, e.g., Visa, Mastercard, or the like. Thepayment service system 208 can communicate with a card payment network216 over the same network 108 used to communicate with the wirelesspayment system 202, or over a different network. The computer system 216of the card payment network can communicate in turn with a computersystem 218 of a card issuer, e.g., a bank. There can also be computersystems of other entities, e.g., the card acquirer, between the paymentservice system 208 and the card issuer.

Before a transaction between the user and the merchant can be performedusing the wireless payment system 202, the merchant must create amerchant account with the payment service system 208. The merchant cansign up using a mobile application or using an online website, and canuse a device within the wireless payment system 202 or another computingdevice, e.g., a home computer. At some point prior to the transaction,one or more applications are downloaded to the devices within thewireless payment system 202, e.g., a merchant facing device and acustomer facing device. The merchant facing and customer facing devicesmay run the same application or customized applications to each device(e.g. a merchant application and a customer application). In someimplementations, the applications are downloaded through an applicationstore. Creation of the merchant account can be handled through theapplication, or through another application, e.g., a generic webbrowser. The merchant enters a name, account password, and contactinformation, e.g., email address, and physical location information (ifapplicable), e.g., an address, into the payment service system 208. Themerchant can also provide other information, e.g., a list of goods orservices available, operating hours, phone number, a small identifyingimage logo or mark, to the payment service system 208. The dataassociated with the merchant account 214 can be stored at the secureserver 212, e.g., in a database. In some implementations, the merchantcan provide information sufficient to establish communication with thecomputer system 204 and this information can be stored in the paymentservice system 208.

Eventually, in order to receive funds from the transaction, the merchantwill need to enter financial account information into the paymentservice system 208 sufficient to receive funds. For example, in the caseof a bank account, the user can enter the bank account number androuting number. However, the merchant's financial account can also beassociated with a credit card account or another third party financialaccount. In addition, in some implementations, if the merchant has notentered the financial account information, the payment service system208 can hold the received funds until the financial account informationis provided.

FIG. 3 is a schematic illustration of a wireless payment systemimplemented in a taxi environment. The wireless payment system 301includes a meter 302, a mobile driver side (i.e., merchant facing)device 304, a passenger side (i.e., customer facing) device 308, a cardreader 310, and the wireless network 306. The wireless network 306 caninclude wireless access point mounted in the vehicle that provides aWiFi hot spot. The wireless network 306 can include a transceiver thatprovides a cellular connection, e.g., 3G or 4G, to the external network306.

In some implementations, the driver side device 304 is physicallyconnected to the meter 302, e.g., by a data cable, such as a USB cable.The driver side device 304 can be positioned next to the taxi driver inthe front of the taxi. The driver side device 304 is wirelesslyconnected to the wireless network 306. The driver side device 304 can bea smart phone or tablet computer having a display onto which the driverhas loaded an appropriate application. The driver side device 304 canalso display a passenger fare for the taxi ride.

The passenger side device 308 can be positioned in the back of the taxiwhere a customer can interface with the device. For example, thepassenger side device 308 can be affixed to the back of the front seatof the taxi, or to the back of the barrier separating the drivercompartment from the passenger compartment. The card reader 310 isattached to an input, e.g., an audio jack, of the passenger side device308. The passenger side device 308 is wirelessly connected to thewireless network 306. The passenger side device 308 can be a tabletcomputer onto which an appropriate application has been loaded. As atablet computer, the passenger side device 308 includes a display, e.g.,a touch screen display.

In some implementations, the driver application has a login and logoutfunctionality such that multiple taxi drivers, each having a driveraccount, can use the same device 304 for processing distributed paymenttransactions. The functionality allows a driver to login and logout ofthe payment service system 208. Association by the payment servicesystem 208 of the device 304 with the appropriate driver account can bedone by conventional login techniques.

The driver side device 304 can read data from the meter 302, e.g. fareof a trip, while the passenger side device 308 can read card data, i.e.,card information such as the card number, or cardholder name, from thecard reader 310. The wireless payment system 301 can communicate withthe payment service system 208 over the external network 311, e.g., theInternet.

The wireless payment system 301 can also communicate with a computersystem 312, e.g., a dispatch system, of a dispatcher. The computersystem 312 can process or store data about taxi rides, as discussedbelow.

In the taxi environment, when a driver submits a transaction to thepayment service system 208, the transaction can include sufficientinformation, e.g., the name or id number of the driver, to associate thedriver with the dispatcher. The payment service system 208 can maintaina database associating drivers with dispatchers, and when the paymentservice system 208 receive this information, it can identify theassociated dispatcher from the information. This allows the paymentservice system 208 to send data about the taxi ride to the computersystem 312 of the associated dispatcher.

For example, if the system 200 is implemented in a taxi, a customer canpay a taxi driver using the wireless payment system 202 after the taxidriver brings the customer to the customer's destination. Afterconducting the transaction, the system can send data about the taxi rideto a computer system 204, e.g., the computer system of the dispatcher.The data can include a start location and an end location of the taxiride, the duration of the trip, the distance of the trip, the date andtime of the trip, total cost of the trip (e.g., passenger fare and tip),or which taxi cab performed the service.

FIG. 4 is a diagram of an example flow chart of a process 400 conductedwith the wireless payment system 102 implemented in a taxi environment.For example, a customer can enter a taxi and ask a taxi driver to takethe customer to a destination. The taxi driver starts a meter thatdetermines the fare of the trip based at least on the distance andduration of the trip. In some implementations, when the driver startsthe meter, the meter generates a signal that is sent to the driver sidedevice indicating that the ride has started.

Once the taxi driver arrives at the destination, the taxi driver stopsthe meter, which causes the meter to finalize the fare of the trip. Thedriver side device then receives the amount of the fare of the trip fromthe meter (step 402). The driver side device can send the amount of thefare of the trip to the passenger side device (step 404). In someimplementations, the driver side device sends the amount of the fare tothe passenger side device after receiving a signal from the meter (e.g.,the driver stops the meter) indicating an end of the trip.

Once the passenger side device receives the amount of the fare of thetrip through the wireless network, the passenger side device can displaythe amount of the fare of the trip (step 406) to the customer. Thecustomer can pay by swiping a card through the card reader attached tothe passenger side device. The passenger side device can receive carddata, e.g., the card number, from the card reader (step 408). In someimplementations, the passenger side device can receive card data from acustomer that manually inputs in a card number, e.g., using the touchscreen of the passenger side device. After receiving card data, thepassenger side device can optionally display a request for a signatureand receive a signature approving the transaction (step 410). Thepassenger side device can display a request to enter a tip amount, andcan receive passenger input selecting a tip amount. The passenger sidedevice can calculate a total transaction amount (the fare plus the tip)and display the total transaction amount. The passenger side device canalso receive contact information for a receipt (step 412). The passengerside device can receive this information through customer input into thepassenger side device, e.g., through a graphical user interface on thetouch screen display.

In some implementations, the passenger side device initiates the requestfor authorization of the transaction. In this case, the passenger sidedevice sends the payment information, which includes at least thetransaction amount and the card data (e.g., the card number), but mayalso include the signature and contact information, directly to thepayment service system, e.g., using an Internet connection.

In some implementations, the driver side device initiates the requestfor authorization of the transaction. In this case, the passenger sidedevice sends the payment information, including at least the card datareceived from the card reader, to the driver side device (step 414). Thesignature, tip amount or total transaction amount, and contactinformation can also be sent to the driver side device. The driver sidedevice can then send the payment information to the payment servicesystem (step 416/806), e.g., using an Internet connection.

In some implementations, neither the driver side device nor thepassenger side device has access to an external network connection,e.g., an Internet connection. That is, because the mobile device cannotconnect to the payment service system using an Internet connection, therequest for authorization cannot be initiated at the end of the trip,e.g., when the customer is about to pay using a credit card and leavethe taxi. Instead, the mobile device can store the transaction andprocess the transaction later. Processing the transaction later can beaccomplished by forwarding the transaction to the payment service systemwhen the mobile device reestablishes an Internet connection.

In order to encourage merchants that are likely to enter areas withoutan external network connection, e.g., taxis, to use the payment system200, the payment service may decide to cover some transactions (i.e.,pay the merchant) even if the transactions are not approved.

FIG. 5 is a diagram of an example flow chart 500 of storing a paymenttransaction. The mobile device, e.g., a merchant device, e.g., themerchant-facing device, determines there is no connection to an externalnetwork, e.g., the Internet (step 502). The mobile device can testwhether a connection can be made to a resource, e.g., a web page,located on the external network. There may be no cellular Internetconnection in areas with poor cellular data reception or with too manycellular data connections concentrated in one area.

The mobile device receives data indicating a payment transaction (step503). For example, a merchant facing device can receive, over a WiFinetwork, the data from a customer facing device, which receives datafrom a user swiping a card at a card reader attached to the mobiledevice. The data can include payment information, a signature, a tipamount, or a total transaction amount as described above in reference toFIG. 4.

The mobile device can execute a risk heuristic model to determinewhether the payment service covers a transaction (step 504). The riskheuristic model can use a number of already stored transactions, a valueof the proposed stored transaction, and/or a total value for all storedtransactions in evaluating the risk and determining whether the paymentservice will cover the transaction. For example, the risk heuristicmodel can compare a number of already stored transactions, a value ofthe proposed stored transaction, and/or a total value for all storedtransactions to, respectively, a maximum number of stored transactions,a maximum individual value for an individual stored transaction, and amaximum total value for all stored transactions. Where the number orvalue exceeds the maximum, the mobile device can determine that thepayment service will not cover the transaction. These numbers, values,and their respective maximums can be stored on a mobile device, e.g., inan internal database.

The risk heuristic model can also use risk factors associated with acardholder of the mobile device. For example, the risk factors caninclude prior transactions or analysis of the prior transactions. Insome implementations, when there is a connection, e.g., prior to a storeand forward transaction, the payment service system sends the riskfactors to the mobile device, e.g., whenever the payment service systemdetermines new or updated risk factors. Therefore, the mobile device canupdate its risk heuristic model to consider the risk factors.

The risk heuristic model can be dynamically modified by the paymentservice system. For example, the maximum number of stored transactionsor the maximum value of a payment transaction can be modified through acommunication, e.g., in the background when there is an Internetconnection, with the payment service system. Some risk factors can alsobe updated to weigh more than others.

The mobile device can determine whether the payment service system willguarantee payment to the merchant based on the risk heuristic model(step 506). If payment will be guaranteed, the mobile device stores thetransaction for future processing (step 508). If the payment will not beguaranteed, e.g., the risk heuristic model deems the transaction as toorisky, the mobile device prompts the merchant for an approval to proceed(step 510). That is, the mobile device indicates to the merchant, e.g.,using a user interface of the device, that the transaction will not becovered if the transaction is denied upon future processing. Thus, themerchant will be taking a risk of non-payment if the transaction isdenied upon future processing. If the merchant approves, the mobiledevice stores the transaction (step 508). If the merchant does notapprove, the mobile device rejects the transaction (step 512). Steps506-512 will be described further below in reference to FIG. 6.

FIG. 6 is a diagram of an example flow chart 600 of storing a paymenttransaction using an example risk heuristic model. The example riskheuristic model considers a number of already stored transactions, avalue of a proposed transaction, and a total value of previously storedtransactions and does not consider risk factors. In some otherimplementations, a different combination or subcombination of the aboveconsiderations, e.g., including or excluding the risk factors, are usedfor the risk heuristic model.

The mobile device can determine there is no connection to an externalnetwork and receive data indicating a payment transaction (steps602/604), as described above in reference to FIG. 5.

The mobile device determines whether a number of already storedtransactions surpass a maximum number of stored transactions (step 606).The maximum number of stored transactions can be established to limitthe number of times a mobile device can store a transaction for futureprocessing. If the number of stored transactions surpasses the maximumnumber, the mobile device prompts the merchant for approval (step 614),which will be described further below. In some implementations,determining whether the number of stored transactions surpasses themaximum number is an optional step.

If the number of stored transactions does not surpass the maximumnumber, the mobile device determines whether the value of the proposedpayment transaction surpasses the maximum value for the individualstored transaction and/or whether the total value of the proposedpayment transaction plus the value of the already stored transactionsexceeds the maximum total value for all stored transactions (step 610).The value of the payment transaction can be obtained from the dataindicating the payment transaction. If the value of the proposed paymenttransaction surpasses the maximum individual value, or if the totalvalue of the proposed payment transaction plus the value of the alreadystored transactions exceeds the maximum total value, the mobile devicedisplays a message that the merchant will be taking the risk ofnon-payment if the transaction is not approved, and request merchantapproval before proceeding (step 614). The merchant can approve or denythe request, e.g., through a user interface of the mobile device. If themerchant approves the request, the mobile device stores the transactionfor future processing (step 612), e.g., in an internal database. Anindication that the transaction was one which exceeded a maximum can bestored in the internal database.

In some implementations, the mobile device encrypts the transaction,e.g., using a key or a signature on the mobile device, before storingthe transaction. The key can be obtained from the payment servicesystem. The key can also be short lived and discarded after a singleuse. For example, after the mobile device uploads a collection of storedtransactions, the payment service system can provide the mobile devicewith a new key. If the merchant denies the request, the mobile devicerejects the transaction (step 608). A notification of the rejection ofthe transaction can be sent to a user interface of the mobile device.

In some implementations, when the mobile device stores the transaction,the mobile device includes storing a time or user session data of thetransaction. The time or user session data can identify the merchantassociated with the transaction. For example, in a taxi environment, ifa first taxi driver changes shifts with a second taxi driver, comparinga time of a stored transaction with a time of the shift change canindicate which taxi driver should be associated with the storedtransaction. Similarly, the second taxi driver can sign in using arespective personal account on the mobile device. This starts a new usersession between the mobile device and the second taxi driver. As aresult, subsequent stored transactions will be associated with thesecond driver.

Once the mobile device stores the transaction, the mobile device canincrement the number of stored transactions, e.g., in an internaldatabase. In some implementations, the number of stored transactions isreset after all stored transactions are forwarded to a payment servicesystem. In alternative implementations, the number of storedtransactions is decreased when one or more stored transactions areforwarded.

FIG. 7 is a diagram of an example flow chart 700 of forwarding a paymenttransaction. The mobile device, e.g., a merchant device, canperiodically determine whether the mobile device can access an externalnetwork, e.g., the Internet. This determination can occur during,before, or after a transaction. For example, the mobile device can pinga resource every few minutes or through an exponential backoffalgorithm. If the mobile device eventually determines it can access theInternet (step 702), the mobile device determines whether there arestored transactions on the mobile device (step 704). If there are storedtransactions that have not yet been forwarded, the mobile deviceforwards each transaction to a payment service system for processing(step 706), e.g., using the reestablished Internet connection. In someimplementations, the stored transactions are batched and sent to thepayment service system for processing. Processing forwarded transactionsby a payment service system can occur as described below above inreference to FIGS. 8A-B. Once the forwarded transactions are processed,the mobile device can receive a response for each transaction (step708). The responses can be acceptances or rejections of the respectivetransactions. The responses can also include receipts for eachrespective transaction.

FIG. 8 is a diagram of an example flow chart of a process 800 conductedby a payment service system 208 after receiving a distributed paymenttransaction from the wireless payment system 102. The payment servicesystem 208 can receive the distributed payment transaction, e.g., astored transaction, from the wireless payment system (step 802). Thedistributed payment transaction can include card data, a signature, andother payment information (e.g., payment amount) provided by thecustomer.

The payment service system 208 then processes the distributed paymenttransaction (step 804) by sending a record to the computer system of thecard payment network 216, e.g., Visa or MasterCard, and the card paymentnetwork 216 then sends the record to the card issuer, e.g., the bank, asdescribed above in FIG. 1.

If the transaction is approved and the payment service system 208receives approval from the card payment network 216, the payment servicesystem 208 communicates this to whichever device (driver side orpassenger side) that initiated the request for authorization (step 806).For example, in the case of a stored transaction, the approval can bedisplayed on the driver side device. The driver side and/or passengerside device then captures the transaction. In the capture stage, theapproved transaction is again routed from the capturing device to thecard processor, card network and card issuer. The record of thetransaction in the capture stage can include the cardholder's signature(if appropriate), or other information. The capture state can triggerthe financial transaction between the card issuer and the merchant. Onreceipt of an indication from the card network that the transaction hasbeen captured, the payment service system 208 optionally createsreceipts to send to the customer, e.g., through the customer applicationand/or through the previously provided contact email, and to themerchant (step 808). For example, if the wireless payment system 202 isimplemented in a taxi environment, before signing for the transaction,the customer can input an email address to which the payment servicesystem can send the receipt. Both devices can then display the receiptin each of their applications.

If the transaction is not approved because it would exceed the creditlimit or there are insufficient funds in the customer's financialaccount, the payment service system 208 notifies the application onwhichever device (driver side or passenger side) that initiated therequest for authorization. For example, in the case of a storedtransaction, a notification can be displayed on the driver side device.

As noted above, the payment service may decide to cover sometransactions (i.e., pay the merchant) even if the transactions are notapproved. In particular, the payment service may determine whether thestored transaction is for an amount less than the maximum individualamount, and/or whether the total amount of all the stored transactionsis less than the maximum total amount. If it is, the payment service canpay the merchant for the amount of the stored transaction. However, ifthe transaction is not approved and the transaction exceeds theindividual or total amount, then the payment service system 208 notifiesthe merchant that the transaction was not approved and that the paymentservice is not covering the transaction. The message can be sent towhichever device (driver side or passenger side) that initiated therequest for authorization.

Embodiments of the subject matter and the operations described in thisspecification can be implemented in digital electronic circuitry, or incomputer software, firmware, or hardware, including the structuresdisclosed in this specification and their structural equivalents, or incombinations of one or more of them. Embodiments of the subject matterdescribed in this specification can be implemented as one or morecomputer programs, i.e., one or more modules of computer programinstructions, encoded on a non-transitory computer storage medium forexecution by, or to control the operation of, data processing apparatus.Alternatively or in addition, the program instructions can be encoded onan artificially-generated propagated signal, e.g., a machine-generatedelectrical, optical, or electromagnetic signal, that is generated toencode information for transmission to suitable receiver apparatus forexecution by a data processing apparatus. A computer storage medium canbe, or be included in, a computer-readable storage device, acomputer-readable storage substrate, a random or serial access memoryarray or device, or a combination of one or more of them. Moreover,while a computer storage medium is not a propagated signal, a computerstorage medium can be a source or destination of computer programinstructions encoded in an artificially-generated propagated signal. Thecomputer storage medium can also be, or be included in, one or moreseparate physical components or media (e.g., multiple CDs, disks, orother storage devices).

The operations described in this specification can be implemented asoperations performed by a data processing apparatus on data stored onone or more computer-readable storage devices or received from othersources.

The term “data processing apparatus” encompasses all kinds of apparatus,devices, and machines for processing data, including by way of example aprogrammable processor, a computer, a system on a chip, or multipleones, or combinations, of the foregoing The apparatus can includespecial purpose logic circuitry, e.g., an FPGA (field programmable gatearray) or an ASIC (application-specific integrated circuit). Theapparatus can also include, in addition to hardware, code that createsan execution environment for the computer program in question, e.g.,code that constitutes processor firmware, a protocol stack, a databasemanagement system, an operating system, a cross-platform runtimeenvironment, a virtual machine, or a combination of one or more of them.The apparatus and execution environment can realize various differentcomputing model infrastructures, such as web services, distributedcomputing and grid computing infrastructures.

A computer program (also known as a program, software, softwareapplication, script, or code) can be written in any form of programminglanguage, including compiled or interpreted languages, declarative orprocedural languages, and it can be deployed in any form, including as astand-alone program or as a module, component, subroutine, object, orother unit suitable for use in a computing environment. A computerprogram may, but need not, correspond to a file in a file system. Aprogram can be stored in a portion of a file that holds other programsor data (e.g., one or more scripts stored in a markup languageresource), in a single file dedicated to the program in question, or inmultiple coordinated files (e.g., files that store one or more modules,sub-programs, or portions of code). A computer program can be deployedto be executed on one computer or on multiple computers that are locatedat one site or distributed across multiple sites and interconnected by acommunication network.

The processes and logic flows described in this specification can beperformed by one or more programmable processors executing one or morecomputer programs to perform actions by operating on input data andgenerating output. The processes and logic flows can also be performedby, and apparatus can also be implemented as, special purpose logiccircuitry, e.g., an FPGA (field programmable gate array) or an ASIC(application-specific integrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read-only memory ora random access memory or both. The essential elements of a computer area processor for performing actions in accordance with instructions andone or more memory devices for storing instructions and data. Generally,a computer will also include, or be operatively coupled to receive datafrom or transfer data to, or both, one or more mass storage devices forstoring data, e.g., magnetic, magneto-optical disks, or optical disks.However, a computer need not have such devices. Moreover, a computer canbe embedded in another device, e.g., a mobile telephone, a personaldigital assistant (PDA), a mobile audio or video player, a game console,a Global Positioning System (GPS) receiver, or a portable storage device(e.g., a universal serial bus (USB) flash drive), to name just a few.Devices suitable for storing computer program instructions and datainclude all forms of non-volatile memory, media and memory devices,including by way of example semiconductor memory devices, e.g., EPROM,EEPROM, and flash memory devices; magnetic disks, e.g., internal harddisks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROMdisks. The processor and the memory can be supplemented by, orincorporated in, special purpose logic circuitry.

To provide for interaction with a user, embodiments of the subjectmatter described in this specification can be implemented on a computerhaving a display device, e.g., a CRT (cathode ray tube) or LCD (liquidcrystal display) monitor, for displaying information to the user and akeyboard and a pointing device, e.g., a mouse or a trackball, by whichthe user can provide input to the computer. Other kinds of devices canbe used to provide for interaction with a user as well; for example,feedback provided to the user can be any form of sensory feedback, e.g.,visual feedback, auditory feedback, or tactile feedback; and input fromthe user can be received in any form, including acoustic, speech, ortactile input. In addition, a computer can interact with a user bysending resources to and receiving resources from a device that is usedby the user; for example, by sending web pages to a web browser on auser's client device in response to requests received from the webbrowser.

Embodiments of the subject matter described in this specification can beimplemented in a computing system that includes a back-end component,e.g., as a data server, or that includes a middleware component, e.g.,an application server, or that includes a front-end component, e.g., aclient computer having a graphical user interface or a Web browserthrough which a user can interact with an implementation of the subjectmatter described in this specification, or any combination of one ormore such back-end, middleware, or front-end components.

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other. In someembodiments, a server transmits data (e.g., an HTML page) to a clientdevice (e.g., for purposes of displaying data to and receiving userinput from a user interacting with the client device). Data generated atthe client device (e.g., a result of the user interaction) can bereceived from the client device at the server.

A system of one or more computers can be configured to performparticular operations or actions by virtue of having software, firmware,hardware, or a combination of them installed on the system that inoperation causes or cause the system to perform the actions. One or morecomputer programs can be configured to perform particular operations oractions by virtue of including instructions that, when executed by dataprocessing apparatus, cause the apparatus to perform the actions.

While this specification contains many specific implementation details,these should not be construed as limitations on the scope of anyinventions or of what may be claimed, but rather as descriptions offeatures specific to particular embodiments of particular inventions.Certain features that are described in this specification in the contextof separate embodiments can also be implemented in combination in asingle embodiment. Conversely, various features that are described inthe context of a single embodiment can also be implemented in multipleembodiments separately or in any suitable subcombination. Moreover,although features may be described above as acting in certaincombinations and even initially claimed as such, one or more featuresfrom a claimed combination can in some cases be excised from thecombination, and the claimed combination may be directed to asubcombination or variation of a subcombination.

Similarly, while operations are depicted in the drawings in a particularorder, this should not be understood as requiring that such operationsbe performed in the particular order shown or in sequential order, orthat all illustrated operations be performed, to achieve desirableresults. In certain circumstances, multitasking and parallel processingmay be advantageous. Moreover, the separation of various systemcomponents in the embodiments described above should not be understoodas requiring such separation in all embodiments, and it should beunderstood that the described program components and systems cangenerally be integrated together in a single software product orpackaged into multiple software products.

In some cases, the actions recited in the claims can be performed in adifferent order and still achieve desirable results. In addition, theprocesses depicted in the accompanying figures do not necessarilyrequire the particular order shown, or sequential order, to achievedesirable results. In certain implementations, multitasking and parallelprocessing may be advantageous.

Thus, particular embodiments of the subject matter have been described.Other embodiments are within the scope of the following claims. Forexample, usage of wireless payment system may not be limited to a taxienvironment but could also be applied to other environments, such as arestaurant. Moreover, usage of the techniques to establish securecommunication may not be limited to mobile devices, but could also beapplied to non-mobile or wired devices connected to a network. Althoughthe swiping of a card through a reader is described above, othertechniques for scanning a card, e.g., chip reading or near fieldcommunication, could be used to read data from the card.

Although FIGS. 1 and 2 illustrate a system 200 in which customer-facingand merchant-facing functions are distributed between a first device 102and a second device 106, the techniques for storing and forwardingtransactions are applicable if there is only a single device. In thiscase the same device provides the customer-facing functions, e.g.,displaying a request for the credit card swipe and receiving the cardinformation from the card reader, and the merchant-facing functions,e.g., entering the transaction and calculating a total amount for thetransaction.

1. A method of processing a payment transaction using a mobile device ofa merchant, comprising: determining the mobile device does not have aconnection to an external network; receiving data indicating a paymenttransaction between a customer and the merchant; determining whether thepayment transaction should be stored, where the determining is based ona risk heuristic model that considers one or more of the following: anumber of already stored transactions, a value of the paymenttransaction, a total value, where the total value is a sum of the valueof the payment transaction and values of one or more already storedtransactions, and risk factors associated with the customer; and basedat least on the determination, storing the payment transaction on themobile device for future processing.
 2. The method of claim 1, furthercomprising: after storing the payment transaction, determining themobile device has a connection to the external network; determining themobile device has stored payment transactions; forwarding each of thestored payment transactions to a payment service system; and receiving aresponse for each of the stored payment transactions from the paymentservice system.
 3. The method of claim 2, where each response is anacceptance or a rejection of the respective stored payment transaction.4. The method of claim 1, where the risk heuristic model comprises:determining whether a value of the payment transaction or a total valuesurpasses a maximum value, where the total value is a sum of the valueof the payment transaction and values of one or more already storedtransactions; and determining whether a number of stored transactionsstored on the mobile device surpasses a maximum number.
 5. The method ofclaim 4, where if the number of stored transactions does not surpass themaximum number and the value of the payment transaction or the totalvalue do not surpass the maximum value, storing the payment transactionon the mobile device.
 6. The method of claim 4, where if the number ofstored transactions surpasses the maximum number, rejecting the paymenttransaction.
 7. The method of claim 4, where if the number of storedtransactions does not surpass the maximum number and the value of thepayment transaction or the total value surpass the maximum value,further comprising: sending a request to proceed to a user interface ofthe mobile device; receiving input through the user interface; storingthe payment transaction if the input includes an approval of the requestto proceed; and rejecting the payment transaction if the input includesa denial of the request to proceed.
 8. The method of claim 1, where thepayment transaction is encrypted using a key before the storing, wherethe key is obtained from a payment service system.
 9. The method ofclaim 1, where storing the payment transaction includes storing a timeor user session data of the transaction.
 10. The method of claim 1,further comprising determining whether the mobile device has aconnection to the external network after an interval of time.
 11. Themethod of claim 1, where the external network is an Internet network.12. The method of claim 1, where the already stored transactions areobtained from an internal database.
 13. The method of claim 1, where therisk factors include prior transactions or analysis of the priortransactions.
 14. The method of claim 1, where the risk factors areupdated by a payment service system when the mobile device has aconnection to the external network.
 15. The method of claim 1, where therisk heuristic model is updated by a payment service system when themobile device has a connection to the external network.
 16. A computerprogram product, tangibly embodied in a machine readable storage media,comprising instructions for causing a processor to perform operationscomprising: determining the mobile device does not have a connection toan external network; receiving data indicating a payment transactionbetween a customer and the merchant; determining whether the paymenttransaction should be stored, where the determining is based on a riskheuristic model that considers one or more of the following: a number ofalready stored transactions, a value of the payment transaction, a totalvalue, where the total value is a sum of the value of the paymenttransaction and values of one or more already stored transactions, andrisk factors associated with the customer; and based at least on thedetermination, storing the payment transaction on the mobile device forfuture processing.
 17. The computer program product of claim 16, furthercomprising: after storing the payment transaction, determining themobile device has a connection to the external network; determining themobile device has stored payment transactions; forwarding each of thestored payment transactions to a payment service system; and receiving aresponse for each of the stored payment transactions from the paymentservice system.
 18. The computer program product of claim 17, where eachresponse is an acceptance or a rejection of the respective storedpayment transaction.
 19. The computer program product of claim 16, wherethe risk heuristic model comprises: determining whether a value of thepayment transaction or a total value surpasses a maximum value, wherethe total value is a sum of the value of the payment transaction andvalues of one or more already stored transactions; and determiningwhether a number of stored transactions stored on the mobile devicesurpasses a maximum number.
 20. The computer program product of claim19, where if the number of stored transactions does not surpass themaximum number and the value of the payment transaction or the totalvalue do not surpass the maximum value, storing the payment transactionon the mobile device.
 21. The computer program product of claim 19,where if the number of stored transactions surpasses the maximum number,rejecting the payment transaction.
 22. The computer program product ofclaim 19, where if the number of stored transactions does not surpassthe maximum number and the value of the payment transaction or the totalvalue surpass the maximum value, further comprising: sending a requestto proceed to a user interface of the mobile device; receiving inputthrough the user interface; storing the payment transaction if the inputincludes an approval of the request to proceed; and rejecting thepayment transaction if the input includes a denial of the request toproceed.
 23. The computer program product of claim 16, where the paymenttransaction is encrypted using a key before the storing, where the keyis obtained from a payment service system.
 24. The computer programproduct of claim 16, where storing the payment transaction includesstoring a time or user session data of the transaction.
 25. The computerprogram product of claim 16, further comprising determining whether themobile device has a connection to the external network after an intervalof time.
 26. The computer program product of claim 16, where theexternal network is an Internet network.
 27. The computer programproduct of claim 16, where the already stored transactions are obtainedfrom an internal database.
 28. The computer program product of claim 16,where the risk factors include prior transactions or analysis of theprior transactions.
 29. The computer program product of claim 16, wherethe risk factors are updated by a payment service system when the mobiledevice has a connection to the external network.
 30. The computerprogram product of claim 16, where the risk heuristic model is updatedby a payment service system when the mobile device has a connection tothe external network.
 31. A system comprising: a processor; andcomputer-readable medium coupled to the processor and havinginstructions stored thereon, which, when executed by the processor,cause the processor to perform operations comprising: determining themobile device does not have a connection to an external network;receiving data indicating a payment transaction between a customer andthe merchant; determining whether the payment transaction should bestored, where the determining is based on a risk heuristic model thatconsiders one or more of the following: a number of already storedtransactions, a value of the payment transaction, a total value, wherethe total value is a sum of the value of the payment transaction andvalues of one or more already stored transactions, and risk factorsassociated with the customer; and based at least on the determination,storing the payment transaction on the mobile device for futureprocessing.
 32. The system of claim 31, further comprising: afterstoring the payment transaction, determining the mobile device has aconnection to the external network; determining the mobile device hasstored payment transactions; forwarding each of the stored paymenttransactions to a payment service system; and receiving a response foreach of the stored payment transactions from the payment service system.33. The system of claim 32, where each response is an acceptance or arejection of the respective stored payment transaction.
 34. The systemof claim 31, where the risk heuristic model comprises: determiningwhether a value of the payment transaction or a total value surpasses amaximum value, where the total value is a sum of the value of thepayment transaction and values of one or more already storedtransactions; and determining whether a number of stored transactionsstored on the mobile device surpasses a maximum number.
 35. The systemof claim 34, where if the number of stored transactions does not surpassthe maximum number and the value of the payment transaction or the totalvalue do not surpass the maximum value, storing the payment transactionon the mobile device.
 36. The system of claim 34, where if the number ofstored transactions surpasses the maximum number, rejecting the paymenttransaction.
 37. The system of claim 34, where if the number of storedtransactions does not surpass the maximum number and the value of thepayment transaction or the total value surpass the maximum value,further comprising: sending a request to proceed to a user interface ofthe mobile device; receiving input through the user interface; storingthe payment transaction if the input includes an approval of the requestto proceed; and rejecting the payment transaction if the input includesa denial of the request to proceed.
 38. The system of claim 31, wherethe payment transaction is encrypted using a key before the storing,where the key is obtained from a payment service system.
 39. The systemof claim 31, where storing the payment transaction includes storing atime or user session data of the transaction.
 40. The system of claim31, further comprising determining whether the mobile device has aconnection to the external network after an interval of time.
 41. Thesystem of claim 31, where the external network is an Internet network.42. The system of claim 31, where the already stored transactions areobtained from an internal database.
 43. The system of claim 31, wherethe risk factors include prior transactions or analysis of the priortransactions.
 44. The system of claim 31, where the risk factors areupdated by a payment service system when the mobile device has aconnection to the external network.
 45. The system of claim 31, wherethe risk heuristic model is updated by a payment service system when themobile device has a connection to the external network.